PS-CryptoStudioToolKit.Psm1
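Function Encrypt-RSA ($Plaintext)
{
    <#
    .SYNOPSIS
    PowerShell-CryptoStudio Toolkit- Encrypt-RSA
    Version 2.0.0.2

    .DESCRIPTION
    Encrypts a string of plain text into ciphertext using the public key of the
    PS-Crypto host certificate.
    Encryption with the Root or SubCa's is not supported.

    The certificate is the first one (sorted by Issuer) in Cert:\LocalMachine\My
    whose FriendlyName matches "CryptoStudio-SubCA". The plaintext is encoded as
    UTF-8 and encrypted with OAEP padding (the $True argument to Encrypt).

    .PARAMETER Plaintext
    The plaintext of the string to be encrypted.
    Maximum length, measured in UTF-8 bytes, is ((KeySize - 384) / 8) + 7

    .EXAMPLE
    PS> Encrypt-RSA "This is my plaintext"

    .INPUTS
    None.

    .OUTPUTS
    On success: the certificate thumbprint followed by the ciphertext byte array.
    On failure: one of the negative integer codes listed under NOTES.

    .NOTES
    Requirements: Windows 10 17.09 or better or Server 2016 or better
    Requirements: Windows PowerShell 5.1

    Error return codes
    -1 Plaintext is null
    -2 No compatible certificates found
    -3 Error encrypting data. Public key issue?
    -4 Length of plaintext is greater than the supported key size.
       Maximum length is ((KeySize - 384) / 8) + 7
    #>

    # Put $null on the left: with a collection on the left, -eq filters instead of comparing.
    If ($null -eq $Plaintext)
    {
        Return -1
    }

    # Get PS-Crypto certificates.
    # NOTE(review): FriendlyName is a store property that can be edited without
    # re-issuing the certificate, and nothing here checks validity dates or the
    # issuing chain. Consider pinning the expected thumbprint or verifying the
    # chain before trusting the selected public key.
    $CertID = "CryptoStudio-SubCA"
    $Certs = Get-ChildItem Cert:\LocalMachine\My |
        Where-Object { $_.FriendlyName -match $CertID } |
        Sort-Object -Property Issuer |
        Select-Object -First 1

    # Check to make sure we got a certificate
    If (! $Certs)
    {
        Return -2
    }

    # The plaintext is converted to bytes as UTF-8 before encryption.
    $Enc = [System.Text.Encoding]::UTF8

    $MyError = $ErrorActionPreference
    Try
    {
        $ErrorActionPreference = "Stop"

        # Maximum payload is ((KeySize - 384) / 8) + 7
        # NOTE(review): OAEP with SHA-1 normally allows (KeySize / 8) - 42 bytes,
        # which is one byte less than this formula; a payload of exactly the
        # maximum may therefore fail in Encrypt and return -3. Confirm the bound.
        $KeySize = $Certs.PublicKey.Key.KeySize
        $MaxEncryptedLength = (($KeySize - 384) / 8) + 7

        # RSA limits the number of BYTES, so measure the encoded payload rather than
        # the character count: non-ASCII characters take more than one UTF-8 byte.
        $UnencBytes = $Enc.GetBytes($Plaintext)
        If ($UnencBytes.Length -gt $MaxEncryptedLength)
        {
            Return -4
        }

        # Encrypt payload ($True selects OAEP padding)
        $EncryptedEncodedBytes = $Certs.PublicKey.Key.Encrypt($UnencBytes, $True)
        Return ($Certs.Thumbprint), $EncryptedEncodedBytes
    }
    Catch
    {
        Return -3
    }
    Finally
    {
        # Restore the caller-visible preference on every exit path.
        $ErrorActionPreference = $MyError
    }
}

Function Decrypt-RSA ($Thumbprint, $CipherText)
{
    <#
    .SYNOPSIS
    PowerShell-CryptoStudio Toolkit- Decrypt-RSA
    Version 2.0.0.2

    .DESCRIPTION
    Decrypts a string of ciphertext into plaintext using the private key of the
    PS-Crypto host certificate.

    .PARAMETER Thumbprint
    The thumbprint of the certificate used to decrypt the ciphertext.
    This must be in the LocalMachine\My store. This is the default location used
    by PS-CryptoStudio.
    This certificate must contain the private key or the decryption process will fail.
    The thumbprint is compared for equality; partial thumbprints are not accepted.

    .PARAMETER Ciphertext
    This is the ciphertext to be decrypted to plaintext (the byte array returned
    by Encrypt-RSA).

    .EXAMPLE
    PS> Decrypt-RSA $Thumbprint $Ciphertext

    .INPUTS
    None.

    .OUTPUTS
    On success: the decrypted plaintext string.
    On failure: one of the negative integer codes listed under NOTES. Because a
    decrypted string could itself read "-1", callers should test the type of the
    result as well as its value.

    .NOTES
    Requirements: Windows 10 17.09 or better or Server 2016 or better
    Requirements: Windows PowerShell 5.1

    Error return codes
    -1 Ciphertext is null
    -2 No certificate found-bad thumbprint provided?
    -3 Error during decryption-Is private key available
    #>

    # Make sure that cipher text is not null.
    # (No interactive pause here: it would hang unattended or remote sessions.)
    If ($null -eq $CipherText)
    {
        Return -1
    }

    # An empty thumbprint can never identify a certificate; reject it before
    # touching the store.
    If ([string]::IsNullOrWhiteSpace($Thumbprint))
    {
        Return -2
    }

    # Get the PS-Crypto certificate by exact thumbprint. A regex -match would let
    # an empty or partial value select an unintended certificate (or several).
    $Certs = Get-ChildItem Cert:\LocalMachine\My |
        Where-Object { $_.Thumbprint -eq $Thumbprint }

    # Check to make sure we got a certificate
    If (! $Certs)
    {
        Return -2
    }

    # Decode with UTF-8 to mirror Encrypt-RSA; ASCII decoding would turn every
    # non-ASCII character into '?'. ASCII-only plaintext decodes identically.
    $Dec = [System.Text.Encoding]::UTF8

    $MyError = $ErrorActionPreference
    Try
    {
        $ErrorActionPreference = "Stop"

        # Decrypt the caller-supplied ciphertext ($True selects OAEP padding).
        $UnencryptedBytes = $Certs.PrivateKey.Decrypt($CipherText, $True)

        # Convert bytes back to string
        $UnEncData = $Dec.GetString($UnencryptedBytes)
        Return $UnEncData
    }
    Catch
    {
        Return -3
    }
    Finally
    {
        # Restore the caller-visible preference on every exit path.
        $ErrorActionPreference = $MyError
    }
}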